
wildcard domains not handled well -- should be removed from output list with some option #47

Open
gripedthumbtacks opened this issue Nov 6, 2016 · 3 comments

Comments

@gripedthumbtacks

Example:

```
$ dig +short bsB03SHuaeLPpYejea1uHExZSvEPbc.blogspot.com
blogspot.l.googleusercontent.com.
172.217.5.65
```

There should exist some option to test a long random subdomain and exclude additional results if a hit is found on a highly probable wildcard configuration. The Fierce DNS brute script does this by default, and I would recommend this as the default option in subbrute too.

@pdelteil

I agree. In my results I get a lot of results like these:

_tcp.domain.tld
_tls.domain.tld
_domainkey.domain.tld
_sip._tls.domain.tld
_sipfederationtls._tcp.domain.tld

Those subdomains do not ping.

@gripedthumbtacks

@pdelteil these are likely just SRV records; they don't need to resolve, but they may resolve.

In the case of wildcard DNS record responses, it means there is no reason to brute force because all the child records will likely return the same IP or one from a pool of similar IPs. That's why you test a really long random subdomain first to see if the result is valid, because it would be almost impossible for the domain to have that subdomain legitimately.
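The wildcard check described in this thread, written out as an added example (not subbrute's own code): probe a few long random labels, treat whatever IPs they return as the wildcard pool, and drop brute-force hits whose answers are fully explained by that pool. The resolver is a hypothetical callable so the example runs offline against a constructed zone; in practice it would wrap a real DNS lookup.

```python
import random
import string
from typing import Callable, Dict, Iterable, List, Optional, Set

# Hypothetical resolver interface: hostname -> list of answer IPs ([] on NXDOMAIN).
Resolver = Callable[[str], List[str]]


def random_label(length: int = 30) -> str:
    """A 30-character random label is almost certainly not a real hostname."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(length))


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Query several random subdomains; any answers form the wildcard IP pool.

    Several probes are used because a wildcard may round-robin over a pool."""
    pool: Set[str] = set()
    for _ in range(probes):
        pool.update(resolve(f"{random_label()}.{domain}"))
    return pool


def brute_force(domain: str, words: Iterable[str], resolve: Resolver,
                wildcard_ips: Set[str]) -> Dict[str, List[str]]:
    """Resolve each candidate and keep only hits not explained by the wildcard pool."""
    found: Dict[str, List[str]] = {}
    for word in words:
        name = f"{word}.{domain}"
        ips = resolve(name)
        if not ips:
            continue
        # Every answer is in the wildcard pool: indistinguishable from a non-existent host.
        if wildcard_ips and set(ips) <= wildcard_ips:
            continue
        found[name] = ips
    return found


def fake_resolver(zone: Dict[str, List[str]],
                  wildcard_ips: Optional[List[str]] = None) -> Resolver:
    """Constructed stand-in for DNS: exact zone entries, else the wildcard answer (or NXDOMAIN)."""
    def resolve(name: str) -> List[str]:
        if name in zone:
            return list(zone[name])
        return list(wildcard_ips) if wildcard_ips else []
    return resolve
```

A real host whose only answers sit inside the wildcard pool is dropped along with the noise; that is the trade-off the comment above accepts, since such a hit carries no information that the wildcard does not already give.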

@pdelteil

I see, thanks for your answer.
